HijackThis_zww汉化版扫描日志 V1.99.1
保存于      8:59:45, 日期 2006-8-29
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\木马杀客\mmsk.exe
E:\QQ\QQ.exe
E:\QQ\TIMPlatform.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Program Files\HijackThis1991汉化版\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - (no file)
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - 启动项HKLM\\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: desktop.ini
O4 - Global Startup: desktop.ini
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=about:blank
O14 - IERESET.INF: MS_START_PAGE_URL=about:blank
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O18 - 列举现有的协议: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - NT 服务: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - NT 服务: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - NT 服务: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: Update Service For Windows (winupdate) - Unknown owner - C:\WINDOWS\winupdate.exe (file missing)

2006-08-29,09:18:14

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <NVIDIA nTune><"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear>  []
    <vptray><C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe>  [Symantec Corporation]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\Nonsenser.dll>  []
    <{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\ztlog3.DLL>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Vision><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  []

==================================
启动文件夹
服务
[SVCH0ST.EXE / Curity Center]
  <C:\WINDOWS\win.exe><N/A>
[DefWatch / DefWatch]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[nTune Service / nTuneService]
  <C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService><NVIDIA>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Update Service For Windows / winupdate]
  <C:\WINDOWS\winupdate.exe><N/A>

==================================
浏览器加载项
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[KSHScan Control]
  {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[EWA Control]
  {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~1.OCX, Synacast>
[KLeakScan Control]
  {1FFFA3E9-A615-41FA-972D-7DB61F23AE90} <C:\WINDOWS\system32\kingsoft\ONLINE~1\KLKScan.ocx, kingsoft>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[PwdEdit Control]
  {5467862B-C477-437F-886E-EC5006B37DCA} <C:\WINDOWS\system32\PwdEdit.ocx, adtec>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\迅雷\Components\InMedia\MediaAddin07.dll, Thunder Networking Technologies,LTD>
[SecClient Control]
  {85599589-00AA-11D7-A7D0-00E04C3F6D70} <C:\WINDOWS\system32\SECCLI~1.OCX, bj-union>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[KSHScan Control]
  {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Kingsoft DUBA OnlineScan]
  {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} <C:\WINDOWS\system32\kingsoft\ONLINE~1\kavclean.ocx, kingsoft>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <F:\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\迅雷\Program\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 580][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 688][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 760][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\NavLogon.dll]  <N/A><N/A>
[PID: 836][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 848][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1016][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1100][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1208][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1264][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1320][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1672][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 180][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  <Symantec Corporation><8.1.0.821>
[PID: 256][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  <Symantec Corporation><8.1.0.821>
    [C:\WINDOWS\system32\CBA.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINDOWS\system32\MsgSys.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINDOWS\system32\NTS.dll]  <Intel? Corporation><6.12.0.105 E>
    [C:\WINDOWS\system32\PDS.DLL]  <Intel? Corporation><6.12.0.105 E>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  <Symantec Corporation><8.1.0.821>
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  <Symantec Corp.><4.2.0.7>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060828.003\NAVEX32a.DLL]  <Symantec Corporation><20061.2.0.26>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060828.003\NAVENG32.DLL]  <Symantec Corporation><20061.2.0.26>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  <Symantec Corporation><9.1.0.26>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll]  <Symantec Corporation><8.1.0.821>
[PID: 380][C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe]  <NVIDIA><4.00.00>
    [C:\Program Files\NVIDIA Corporation\nTune\nTuneServiceENU.dll]  <NVIDIA><4.00.00>
[PID: 444][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.8426>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
[PID: 720][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  <Sohu.com Inc.><2, 0, 0, 17>
    [C:\Program Files\Sogou PXP\vodsvr.dll]  <Sohu.com Inc.><1, 1, 0, 4>
    [C:\Program Files\Sogou PXP\PluginClient.dll]  <Sohu.com Inc.><1, 0, 0, 22>
[PID: 280][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1904][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.8426>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.8426>
    [C:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1920][C:\WINDOWS\system32\wscntfy.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>
[PID: 1860][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe]  <Symantec Corporation><8.1.0.821>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll]  <Symantec Corporation><8.1.0.821>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL]  <Symantec/Peter Norton Group><1, 0, 0, 1>
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  <Symantec Corporation><8.1.0.821>
[PID: 288][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>
[PID: 3344][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>
[PID: 3616][C:\Program Files\木马杀客\mmsk.exe]  <木马杀客><2,0,0,6>
    [C:\Program Files\木马杀客\krnln.fnr]  <><1, 0, 0, 1>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\Program Files\木马杀客\iext2.fne]  <><1, 0, 0, 1>
    [C:\Program Files\木马杀客\iext.fne]  <><1, 0, 0, 1>
    [C:\Program Files\木马杀客\HYExtLib.fne]  <N/A><N/A>
    [C:\Program Files\木马杀客\HtmlView.fne]  <><1, 0, 0, 1>
    [C:\Program Files\木马杀客\TrayIcon.fne]  <><1, 0, 0, 1>
    [C:\Program Files\木马杀客\iext3.fne]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>
    [C:\Program Files\木马杀客\xplib.fne]  <N/A><N/A>
    [C:\Program Files\木马杀客\mmskskin.dll]  <><2, 0, 0, 6>
    [C:\Program Files\木马杀客\SkinPPWTL.dll]  <http://www.skinplusplus.com><2, 1, 0, 0>
    [C:\Program Files\木马杀客\shell.fne]  <N/A><N/A>
    [C:\Program Files\木马杀客\EThread.fne]  <N/A><N/A>
    [C:\Program Files\木马杀客\dp1.fne]  <N/A><N/A>
    [C:\Program Files\木马杀客\eAPI.fne]  <><1, 0, 0, 1>
[PID: 2644][E:\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [E:\QQ\CoralAssist.DLL]  <Coral Team><4.5.0 build 20060515>
    [E:\QQ\CoralQQ.DLL]  <Coral Team><4.5.1 Build 20060620>
    [E:\QQ\ipsearcher.dll]  <N/A><1.0.0.4>
    [E:\QQ\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [E:\QQ\QQHelperDll.dll]  <><1, 0, 0, 1>
    [E:\QQ\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 160>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [E:\QQ\QQAPI.dll]  <><1, 0, 0, 1>
    [E:\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>
    [E:\QQ\LoginCtrl.dll]  <><1, 0, 0, 1>
    [E:\QQ\npkcntc.dll]  <INCA Internet Co., Ltd.><2006, 3, 2, 1>
    [E:\QQ\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [E:\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [E:\QQ\QQMainFrame.dll]  <N/A><N/A>
    [E:\QQ\CQQApplication.dll]  <N/A><N/A>
    [E:\QQ\NewSkin.dll]  <><1, 0, 0, 1>
    [E:\QQ\HostingMgr.dll]  <><1, 0, 0, 1>
    [E:\QQ\CameraDll.dll]  <><1, 0, 0, 1>
    [E:\QQ\MailSummary.dll]  <><1, 0, 0, 1>
    [E:\QQ\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [E:\QQ\QQGroupMng.dll]  <><1, 0, 0, 1>
    [E:\QQ\GroupLive.dll]  <N/A><N/A>
    [E:\QQ\QQSysMsgMng.dll]  <N/A><N/A>
    [E:\QQ\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [E:\QQ\QQPlugin.dll]  <N/A><N/A>
    [E:\QQ\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [E:\QQ\QRingMng.dll]  <N/A><N/A>
    [E:\QQ\PhoneAPI.dll]  <><1, 0, 0, 1>
    [E:\QQ\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [E:\QQ\QQAvatar.dll]  <N/A><N/A>
    [E:\QQ\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [E:\QQ\LongConnection.dll]  <tencent><5, 0, 200, 160>
    [E:\QQ\QQPet.dll]  <><1, 0, 0, 1>
    [E:\QQ\BQQApplication.dll]  <N/A><N/A>
    [E:\QQ\QQAllInOne.dll]  <N/A><N/A>
    [E:\QQ\SCCore.dll]  <N/A><N/A>
    [E:\QQ\QQCustomFace.dll]  <N/A><N/A>
    [E:\QQ\CommercesMng.dll]  <><1, 0, 0, 1>
    [E:\QQ\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [E:\QQ\QQUdpGetFileLib.dll]  <tencent><0, 2, 2, 3>
    [E:\QQ\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
    [E:\QQ\QQSceneMng.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [E:\QQ\GroupConnection.dll]  <Tencent><5, 0, 202, 170>
    [E:\QQ\QQMagicFace.dll]  <><1, 0, 0, 1>
    [E:\QQ\QQPhoneHelper.dll]  <腾讯科技（深圳）有限公司><2, 0, 6, 60>
    [E:\QQ\QQZip.dll]  <tencent><0, 3, 2, 4>
[PID: 2928][E:\QQ\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>
    [E:\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 1816][C:\PROGRA~1\INTERN~1\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [F:\迅雷\ComDlls\ThunderAgent_003.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 10>
[PID: 3236][F:\downloads\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\winKey.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\ztlog3.DLL]  <N/A><N/A>
    [C:\WINDOWS\system32\Nonsenser.dll]  <N/A><N/A>

==================================
文件关联
.TXT  Error. [C:\WINDOWS\NOTEPAD.EXE "%1" ]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [notepad.exe %1]
.INF  Error. [notepad.exe %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================